diff --git a/doc/development/identity_verification.md b/doc/development/identity_verification.md
index 2300fd00e9df9a0983324ef2945125088525ba48..caaf5f8229ce8f8509a22fb4071027d83bf2093a 100644
--- a/doc/development/identity_verification.md
+++ b/doc/development/identity_verification.md
@@ -8,16 +8,6 @@ info: Any user with at least the Maintainer role can merge updates to this conte
 For information on this feature that are not development-specific, see the [feature documentation](../security/identity_verification.md).
-## Feature flags
-
-Because of the many registration paths and multiple verification stages, identity verification has several feature flags.
-
-Before you enable these features, ensure [hard email confirmation](../security/user_email_confirmation.md) is enabled and [Arkose](../integration/arkose.md#configuration) is configured properly.
-
-| Feature flag name | Description |
-|---------|-------------|
-| `identity_verification_credit_card` | Turns on credit card verification for high risk users for all flows. |
-
 ## Logging
 You can triage and debug issues raised by identity verification with the [GitLab production logs](https://log.gprd.gitlab.net).
diff --git a/ee/app/helpers/ee/application_settings_helper.rb b/ee/app/helpers/ee/application_settings_helper.rb
index f009e2cb412b53fb2a5b2a08ad3d230a9216cb33..c208470f8c09642e7b983ecb380bfbd00c3df8cf 100644
--- a/ee/app/helpers/ee/application_settings_helper.rb
+++ b/ee/app/helpers/ee/application_settings_helper.rb
@@ -321,6 +321,7 @@ def identity_verification_attributes
 arkose_labs_private_api_key
 arkose_labs_public_api_key
 ci_requires_identity_verification_on_free_plan
+ credit_card_verification_enabled
 phone_verification_enabled
 telesign_api_key
 telesign_customer_xid
diff --git a/ee/app/models/concerns/identity_verifiable.rb b/ee/app/models/concerns/identity_verifiable.rb
index e1cfdaa4fd80f37a90e17ceb148adf9319a68386..bf634efbca955c93642ca573a525637186393b86 100644
--- a/ee/app/models/concerns/identity_verifiable.rb
+++ b/ee/app/models/concerns/identity_verifiable.rb
@@ -43,10 +43,10 @@ def signup_identity_verified?
 # This prevents the scenario where a user has to verify their identity
 # multiple times. For example:
 #
- # 1. identity_verification_credit_card FF is disabled
+ # 1. credit_card_verification_enabled application setting is false
 # 2. A user registers, is assigned High risk band, verifies their email as
 # prompted, and starts using GitLab
- # 3. identity_verification_credit_card FF is enabled
+ # 3. credit_card_verification_enabled application setting is true
 # 4. User signs out and signs in again
 # 5. User is redirected to Identity Verification which requires them to
 # verify their credit card
@@ -173,7 +173,7 @@ def verification_method_enabled?(method)
 ::Gitlab::CurrentSettings.phone_verification_enabled &&
 !PhoneVerification::Users::RateLimitService.daily_transaction_hard_limit_exceeded?
 when 'credit_card'
- Feature.enabled?(:identity_verification_credit_card, self)
+ ::Gitlab::CurrentSettings.credit_card_verification_enabled
 when 'email'
 !opt_in_flow?
 end
diff --git a/ee/app/models/ee/application_setting.rb b/ee/app/models/ee/application_setting.rb
index c4826cf0d261ba8398e95d6ee1b24062d19eb9a0..7830c7267f5d4b26da05b58c9142c487d51a364d 100644
--- a/ee/app/models/ee/application_setting.rb
+++ b/ee/app/models/ee/application_setting.rb
@@ -53,7 +53,8 @@ module ApplicationSetting
 unverified_account_group_creation_limit: [:integer, { default: 2 }],
 phone_verification_enabled: [:boolean, { default: true }],
 ci_requires_identity_verification_on_free_plan: [:boolean, { default: true }],
- telesign_intelligence_enabled: [:boolean, { default: true }]
+ telesign_intelligence_enabled: [:boolean, { default: true }],
+ credit_card_verification_enabled: [:boolean, { default: true }]
 validates :identity_verification_settings, json_schema: { filename: "identity_verification_settings" }
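Review bot: The `when 'credit_card'` branch of `verification_method_enabled?` no longer passes `self` as an actor, so credit card verification can only be switched for the whole instance, not per user. Because this value gates an anti-abuse check, the branch deserves a why-comment such as `# Instance-wide setting (no per-user actor); false disables credit card verification for everyone.` It is also worth confirming that changes to this setting are audit-logged, which this diff does not show. The method starts and ends outside the hunk.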
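Review bot: `credit_card_verification_enabled` is declared with `{ default: true }`, while the feature flag file this commit deletes had `default_enabled: false`, so wherever the flag was still off the credit card requirement turns on as soon as this ships. The comment updated in `signup_identity_verified?` describes the re-verification path that existing users reach when the value goes from false to true. If the flag was not already fully enabled, either keep the old behaviour with `credit_card_verification_enabled: [:boolean, { default: false }]` or call the change out in the rollout notes. The settings declaration begins above the hunk.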
diff --git a/ee/app/validators/json_schemas/identity_verification_settings.json b/ee/app/validators/json_schemas/identity_verification_settings.json
index 7696e9e3da956ed47e9300b8d2118be683c452f4..548868596203620a864f3e1cd2a4ad0852f5bcd0 100644
--- a/ee/app/validators/json_schemas/identity_verification_settings.json
+++ b/ee/app/validators/json_schemas/identity_verification_settings.json
@@ -27,6 +27,10 @@
 "telesign_intelligence_enabled": {
 "type": "boolean",
 "description": "Flag to control use of Telesign Intelligence service"
+ },
+ "credit_card_verification_enabled": {
+ "type": "boolean",
+ "description": "Whether credit card verification is an available identity verification method"
 }
 }
 }
diff --git a/ee/config/feature_flags/development/identity_verification_credit_card.yml b/ee/config/feature_flags/development/identity_verification_credit_card.yml
deleted file mode 100644
index 142072a76fd4d69c27492c116cb8b99b3200421e..0000000000000000000000000000000000000000
--- a/ee/config/feature_flags/development/identity_verification_credit_card.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-name: identity_verification_credit_card
-introduced_by_url: 'https://gitlab.com/gitlab-org/gitlab/-/merge_requests/99202'
-rollout_issue_url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/375675'
-milestone: '15.5'
-type: development
-group: group::anti-abuse
-default_enabled: false
diff --git a/ee/spec/features/registrations/email_confirmation_spec.rb b/ee/spec/features/registrations/email_confirmation_spec.rb
index 114fe5033f1af100db49512f0250607d902cd71e..45acfb022d75f1ba6922b0ad98466a2c681abc4b 100644
--- a/ee/spec/features/registrations/email_confirmation_spec.rb
+++ b/ee/spec/features/registrations/email_confirmation_spec.rb
@@ -19,7 +19,7 @@
 with_them do
 before do
- stub_feature_flags(identity_verification_credit_card: false)
+ stub_application_setting(credit_card_verification_enabled: false)
 stub_saas_features(identity_verification: identity_verification)
 stub_application_setting(require_admin_approval_after_user_signup: require_admin_approval_after_user_signup)
diff --git a/ee/spec/helpers/ee/application_settings_helper_spec.rb b/ee/spec/helpers/ee/application_settings_helper_spec.rb
index febf1f91e059aa91ffb26dc41cf6b1b1ad6960bd..adce77614a1c8dbad4640ebd4bf10027f42d944f 100644
--- a/ee/spec/helpers/ee/application_settings_helper_spec.rb
+++ b/ee/spec/helpers/ee/application_settings_helper_spec.rb
@@ -38,6 +38,7 @@
 arkose_labs_private_api_key
 arkose_labs_public_api_key
 ci_requires_identity_verification_on_free_plan
+ credit_card_verification_enabled
 phone_verification_enabled
 telesign_customer_xid
 telesign_api_key
@@ -54,6 +55,7 @@
 arkose_labs_private_api_key
 arkose_labs_public_api_key
 ci_requires_identity_verification_on_free_plan
+ credit_card_verification_enabled
 phone_verification_enabled
 telesign_customer_xid
 telesign_api_key
diff --git a/ee/spec/models/application_setting_spec.rb b/ee/spec/models/application_setting_spec.rb
index 2ddf34a6565cbde9ad02954ac03fb730e7844dbc..29db1fcf1100be126faeb02ae4395740d1a86627 100644
--- a/ee/spec/models/application_setting_spec.rb
+++ b/ee/spec/models/application_setting_spec.rb
@@ -36,6 +36,7 @@
 it { expect(setting.seat_control).to eq(0) }
 it { expect(setting.soft_phone_verification_transactions_daily_limit).to eq(16000) }
 it { expect(setting.phone_verification_enabled).to eq(true) }
+ it { expect(setting.credit_card_verification_enabled).to eq(true) }
 it { expect(setting.ci_requires_identity_verification_on_free_plan).to eq(true) }
 it { expect(setting.secret_detection_service_url).to eq('') }
 it { expect(setting.secret_detection_service_auth_token).to eq(nil) }
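Review bot: The `before` block in email_confirmation_spec.rb now calls `stub_application_setting` twice, once for `credit_card_verification_enabled` and once for `require_admin_approval_after_user_signup`. These read better as a single call: `stub_application_setting(credit_card_verification_enabled: false, require_admin_approval_after_user_signup: require_admin_approval_after_user_signup)`. The same pairing appears in identity_verifiable_spec.rb in the hunks at new lines 55, 345 and 693, where the credit card and `phone_verification_enabled` stubs sit on adjacent lines. The `before` block is not closed inside this hunk.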
diff --git a/ee/spec/models/concerns/identity_verifiable_spec.rb b/ee/spec/models/concerns/identity_verifiable_spec.rb
index 59aeb713d3a4bcd2dd126403511299993562e118..9ba3a96fd6c756e65b373445d7e1e2ae6381ba05 100644
--- a/ee/spec/models/concerns/identity_verifiable_spec.rb
+++ b/ee/spec/models/concerns/identity_verifiable_spec.rb
@@ -55,7 +55,7 @@ def add_user_risk_band(value)
 context 'when verification methods are unavailable' do
 before do
 stub_application_setting(phone_verification_enabled: false)
- stub_feature_flags(identity_verification_credit_card: false)
+ stub_application_setting(credit_card_verification_enabled: false)
 end
 context 'when the user is not active' do
@@ -345,7 +345,7 @@ def add_user_risk_band(value)
 user.add_phone_number_verification_exemption if phone_exempt
 user.add_identity_verification_exemption('test') if identity_verification_exempt
- stub_feature_flags(identity_verification_credit_card: credit_card)
+ stub_application_setting(credit_card_verification_enabled: credit_card)
 stub_application_setting(phone_verification_enabled: phone_number)
 end
@@ -379,32 +379,6 @@ def add_user_risk_band(value)
 end
 end
- context 'when flag is enabled for a specific user' do
- let_it_be(:another_user) { create(:user) }
-
- where(:risk_band, :credit_card, :result) do
- 'High' | true | %w[email phone credit_card]
- 'High' | false | %w[email phone]
- end
-
- with_them do
- before do
- stub_feature_flags(identity_verification_credit_card: false)
-
- add_user_risk_band(risk_band)
- create(:user_custom_attribute, key: UserCustomAttribute::ARKOSE_RISK_BAND, value: risk_band,
- user: another_user)
-
- stub_feature_flags(identity_verification_credit_card: user) if credit_card
- end
-
- it 'only affects that user' do
- expect(user.required_identity_verification_methods).to eq(result)
- expect(another_user.required_identity_verification_methods).to eq(%w[email phone])
- end
- end
- end
-
 context 'when phone verifications soft limit has been exceeded' do
 where(:risk_band, :result) do
 'High' | %w[email credit_card phone]
@@ -719,7 +693,7 @@ def add_user_risk_band(value)
 with_them do
 before do
- stub_feature_flags(identity_verification_credit_card: credit_card)
+ stub_application_setting(credit_card_verification_enabled: credit_card)
 stub_application_setting(phone_verification_enabled: phone_number)
 allow(user).to receive(:required_identity_verification_methods).and_return(required_verification_methods)